They're glad that Facebook isn't being handed information just because they're a big company. Want private registrant info? Get a subpoena. It should be very easy if you have a legit reason.
In cases like the example mentioned, this is clearly a malicious entity. I don't agree that "get a subpoena" is the right response, some judgement should be applied to cases where someone is clearly using your service to do harm.
> some judgement should be applied to cases where someone is clearly using your service to do harm
This is Facebook's argument essentially. But who decides that it is "clearly" doing harm? Should Facebook have the power to just tear domains away from their owners at their sole discretion? Should Namecheap be deciding if they break their privacy contract (the entire WHOISGUARD product that they offer) because a domain sounds too close to another company's product? Why should Facebook (or Namecheap) have the power to soley make decisions on this manner? Why do they get to "play god"?
These types of Copyright or Trademark issues have a proper and appropriate channel for handling these disputes. Facebook should be using the APPROPRIATE channels (ie the Judicial system) to handle this. The courts could issue a subpoena to Namecheap and Namecheap can take it down or hand over the information or whatever a judge decides should be done. But a sworn judge is the one that should be making these decisions, not a private company. This is where Namecheap is right in its stance and Facebook is wrong. Facebook is big and has lots of money, but that doesn't allow them to circumvent the Justice system. We swear in Judges to handle things like this. The judge can decide if this is "clearly" a violation or not. The judge will also help decide on the gray cases as well. The Judge will look at the facts of each case individually and help to protect Facebook's copyrights and trademarks while also protecting the rights of the citizen that owns the domain in question. He is the impartial authority that is trained and authorized to make these decisions.
Namecheap is doing it right, and this makes me very happy to be registering domains through them. I am happy that they don't buckle to the pressure of a big scary corporation. Facebook is once again proving that they are not a good internet citizen. Another reason the world would be better if they disappeared. Facebook isn't above the rest of us, or our governmental processes. The fact that they think they are is reason enough to never trust them with your data.
And in cases that aren't so clear? One of the three cited in the press release was instagrambusinesshelp.com - that doesn't sound remotely malicious to me.
Yes. I'm fine with Namecheap taking the domain down. Handing information like that just because they ask for it? That's a huge no. Let them proceed through the legal channels to get that information.
Facebook is suing Namecheap because Namecheap is not handing over the information just because Facebook asked them to. Facebook decided that the domain should be taken down and expected Namecheap to just do what Facebook said. Namecheap refused. That is why Facebook is suing them.
What Facebook should do is file a trademark dispute against the domain owner. Then a judge will look at the case, decide if Facebook has been wronged, and if so, the judge will ask Namecheap for the domain owner's information, at which point Namecheap would then be expected to (and not wrong for doing so) hand over the information to the judge. The court system will handle the rest. That is why we have these court systems. I know Facebook is confused and thinks they are above the government, but that is why it is good for Namecheap to remind them of that.
Traditionally site owners are either public or can be requested in a 7 day span by showing clear harm.
Otherwise the liability falls to Namecheap. Presumably Facebooks motivation for actually suing is to prevent name registrar's from protecting obvious scammers for profit.
Not sure how I feel about this, site owners who act in good faith clearly should be able to stay private. On the other hand, scammers can open sites much more quickly than they can be reasonably be sued. Most businesses try to keep scammers from obtaining similar domains, having to sue each time to take a page down could make this infeasible for smaller ones.
The court order is that a judge rules there has been trademark infringement and asks namecheap to take it down. If facebook would like to pursue suing for infringement then, they get another injunction with a court order, and the judge asks namecheap for the name associated with the infringement.
I worked for a European domain registrar a few years ago.
An obviously malicious site like "whatsappdownload.site" would be taken offline very quickly, but under no circumstances could we give non-public subscriber information to a third party without a warrant.
> You're glad Namecheap is protecting the registrant of "whatsappdownload.site"?
In most cases I've seen, registrant data would either be fake, the result of identity theft, or an innocent customer's whose account got hacked.
Yes. I don't want Namecheap stepping in to judge how I use my domains- I want a court of competent jurisdiction to make those determinations. There is an appropriate process for these issues.
It seems that the appropriate process for this issue would be suing the registered owner of these domains (Whoisguard), which is what they're doing now - and a court of competent jurisdiction will be ruling on it.
Facebook doesn't say exactly what they are seeking, but that is one possibility. However, this PR piece seems to be accusing Namecheap of doing wrong- and it appears that Namecheap is entirely in the right. If all Facebook was doing was seeking control of the domain name, and they didn't make this accusatory post, I would agree that they were following the proper process.
Yes. I want Namecheap to protect my privacy. When they show they're even willing to protect the privacy of a low-reputation actor, it proves to me that they are likely to protect my privacy as well.
It's the same reason I'm glad that HTTPS and SSL protect the registrant of whatsappdownload.site.
For what it's worth, the problem with that process is that it creates an uneven burden. Any scammer with 10 bucks can create a misleading domain. This happened to us when some scammers created "autostempest.com" to mimic our car search site, autotempest.com. They put fake listings up and scammed many people out of tens of thousands of dollars. Our only legal recourse was a UDRP claim (short of suing namecheap, which would have been even more expensive), but that would have cost about $2000 because you need to go through a registered provider—and these are private companies, which take advantage of this regulatory oligopoly.
Now, $2000 would be worth it to shut down a scammer like that, except nothing stops them from simply ignoring the UDRP claim and once their domain is shut down, they can register autotempests.com or something for another 10 bucks. (They actually did end up registering autostempestgroup.com and several others.)
On the other hand, if you could simply go to the registrar, show clear evidence of the very obvious infringement, and have them shut down the domain, perhaps it would actually be feasible to put a dent in that kind of scam.
I do understand the concern of having a private company like Namecheap be the judge in these matters, but I'm not sure it's as black and white as that. I could see a system working where they do take unilateral action on obvious cases (autostempest, whatsappdownload.com, faceb00k, etc.), but require the formal process for less clear cases.
I understand this complaint. But Facebook attacking Namecheap in a public post for doing the right thing is the wrong way to go about changing the system. They should instead petition ICANN and/or their political rulers to change the process.
"Slütsof In Stagram", naturally, what did you expect? See also "Whöresof In Stagrâm" at similar URL.
Yes, someone tried to register SlutsOfInstagram.com and WhoresOfInstagram.com and when Facebook/Instagram objected, they turned the sites into something else entirely.
The point being that you can't really tell anything from the name.
But then you can't really tell anything from the content either, because if there is phishing content the first thing the registrant will claim is that they've been hacked. Which is hardly uncommon in that context. So then you need someone to make a judgement call. Which is what courts are for.
If there's a combination, it's very obvious. To use my personal example again, the domain was autostempest.com, and they had copied our logo directly, and created a car listings site. It would be trivial to see that we were using the name and logo first.
Going to court just wasn't an option. For one thing, we couldn't even identify the people behind these sites without first going to court against namecheap. And after all that effort and expense, it's entirely possible they'd registered the domain with fake info and the effort would have been wasted. Even the UDRP option was not cost effective, because nothing would stop the scammers from opening a new fake domain. What we eventually did that worked was found a "CSIRT" company that would use its private connections to hosting providers to, for a fee, get offending content taken down. So, that's the kind of thing the status quo is incentivizing. Hardly better than if there was a takedown process available through namecheap it seems.
That said, you'd certainly want to avoid the situation with Youtube, where the power is swung all the way in the other direction, so creators have almost no recourse when purported rights holders issue a claim.
I used to work for a company that offered brand-protection services. The customer would grant my old employer power of attorney to send C&D letters and file takedown lawsuits on their behalf, and we would do all the monitoring and brand-defense work, then send a report to the customer justifying the exorbitant fees.
Maintaining a trademark costs time and money. You can save money by doing the work yourself, or by using backchannels, as you mentioned. You can save time by hiring someone to do the tedious work for you. Even a single-partner specialist law firm should have boilerplate templates on hand for taking down an infringing website fast, using regular channels. I imagine that most of the cases result in no answer from the main defendant and default judgment that orders the registrar to transfer the domain to the plaintiff, who can then blackhole it or redirect to the genuine site.
A higher-service firm will also proactively scour the Internet for threats to your brand--at a higher price, of course.
I would not recommend my former employer for this, as they got bought out, and the new owner arbitrarily fired the entire development team.
> To use my personal example again, the domain was autostempest.com
So then they claim their company is called Auto Stem Pest in the business of selling automatic pest control devices, and their website had your logo on it "temporarily" because it had been compromised by third party malicious hackers.
Somebody has to decide whether that story is a load of BS. But it's a thing that could realistically have happened, and Namecheap has neither the resources nor the qualifications to stand in judgement.
> Going to court just wasn't an option. For one thing, we couldn't even identify the people behind these sites without first going to court against namecheap. And after all that effort and expense, it's entirely possible they'd registered the domain with fake info and the effort would have been wasted.
The thing is, that's what happens anyway. Most of the people doing this are in countries that just don't care. Having their names generally won't do you any good.
> Even the UDRP option was not cost effective, because nothing would stop the scammers from opening a new fake domain.
Which points to domains being a bad point of attack to go after them. It's like trying to catch cat burglars by maligning department stores that sell gloves. It's just not a useful place to apply pressure.
For fraudsters in a friendly jurisdiction, courts work, because the process is a pain in the butt but at the end of it they go to jail which is a large enough deterrent that it mostly stops them to begin with.
When they're in an antagonistic jurisdiction (which is most common), the law can't help you, because it isn't your law that applies. At that point you're down to technical and market solutions, like the one you found.
Yup, more so with GDPR. It is nobodies business who's behind a domain. Authorities can of course figure it out (with subpoena, as it should be) should the need arise.
Yes. Do you know what content was on there? Scam/malware? Critical reporting on facebook's business processes? A parody site making fun of whatsapp? A redirect to Signal?
At least two of the 4 examples I gave are perfectly legal even under trademark and/or copyright law. And 3 are non-malicious
